<?php
/**
* @package Joostina
 * @subpackage Security
* @copyright Авторские права (C) 2009 Joostina team. Все права защищены.
* @license Лицензия http://www.gnu.org/licenses/gpl-2.0.htm GNU/GPL, или help/license.php
* Joostina! - свободное программное обеспечение распространяемое по условиям лицензии GNU/GPL
* Для получения информации о используемых расширениях и замечаний об авторском праве, смотрите файл help/copyright.php.
*/

class Hashlist_html
{
	/**
	 *Shows resultes of the hashes' making 
	 * @package Joostina
	 * @subpackage Security
	 * @abstract
	 * @param
	 * @return
	 * @since 1.3
	*/
	function show_makehash_result()
	{
		?>
		<table width='100%' align='left'>
		<tr>
		<td width='100' align='left' valign='top' style="padding-right:9px;">
		<?php 
		global $mosConfig_absolute_path;
		$path = $mosConfig_absolute_path."/".ADMINISTRATOR_DIRECTORY."/components/com_security/cpanel.html.php";
		if(file_exists($path)) {
			require $path;
			CPanel_html::CPanel();
		}
		?>
		</td>
		</tr>
		<tr>
		<td valign='top'>
		<table class="adminheading">
		<tr>
		<th class="frontpage" style="background-image:url(components/com_security/images/blocklist48.gif)"><?php print BLOCKED_TITLE;?></th>
		<td valign='bottom'>
		</tr>
		
		<tr>
		<td style="font-weight: bold; color: green;"><br/><?php echo HASH_CREATION_COMPLETE ?></td> 
		</tr>
		</table>
		<?php
	}
	
	/**
	 *Shows resultes of the hashes' comparing
	 * @package Joostina
	 * @subpackage Security
	 * @abstract
	 * @param
	 * @return
	 * @since 1.3
	*/
	function show_compare(){
		
		global $mosConfig_absolute_path;
		//$path = dirname(__FILE__) . '../../../';
		//$path = str_replace('\\', '/', $path);

		$advice = '';
		if(ini_get('register_globals')){
			$advice .= '<tr><td style="font-weight: bold; color: red;">register_globals</td><td>Register globals are turned on on your server. For security reasons you\'re adviced to turn this off. <a href="http://www.joomla-addons.org/faq/view/register-globals/147.html" target="_blank">Read more</a></td></tr>';
		}

		if(file_exists($mosConfig_absolute_path. 'globals.php')){
			$content = file_get_contents($mosConfig_absolute_path . 'globals.php');
			
			if(preg_match('#define\( \'RG_EMULATION\', 1 \);#', $content)){
				$advice .= '<tr><td style="color: orange; font-style: italic;" >register_globals emulation</td><td>Register globals emulation has been enabled in your globals.php. For security reasons you\'re adviced to turn this off. <a href="http://www.joomla-addons.org/faq/view/register-globals-emulation/147.html" target="_blank">Read more</a></td></tr>';
			}
		}
		?>
		<table width='100%' align='left'>
		<tr>
		<td width='100' align='left' valign='top' style="padding-right:9px;">
		<?php 
		global $mosConfig_absolute_path;
		$path = $mosConfig_absolute_path."/".ADMINISTRATOR_DIRECTORY."/components/com_security/cpanel.html.php";
		if(file_exists($path)) {
			require $path;
			CPanel_html::CPanel();
		}
		?>
		</td>
		</tr>
		<tr>
		<td valign='top'>
		<table class="adminheading">
		<tr>
		<th class="frontpage" style="background-image:url(components/com_security/images/blocklist48.gif)"><?php echo HASH_TITLE;?></th>
		</tr>
		</table>
		<table class="adminlist" style="width: 100%;">
		<tr>
		<?php if(!empty($advice)){
		?>
			
			<td><div class="heading"><?php echo HASH_ADVICES?></div>
			<table border="0" width="100%">
			<tr>
			<th><?php SETTING?></th>
			<th><?php ADVICE?></th>
			</tr>
			<?php echo $advice; ?>
			</table>
			<br />
			<?php 
		}
		?>
		<td style="font-weight: bold;">
		<div class="heading"><?php echo HASH_COMPAIR_COMPLETE?></div></td>
		</tr>
		<tr>
		<td>
		<?php
		$orig = array();
		if(file_exists($mosConfig_absolute_path . "/administrator/components/com_security/joostina_hash.txt")) {
			
		$orig_c = file($mosConfig_absolute_path . "/administrator/components/com_security/joostina_hash.txt");
		for($i=0,$n=count($orig_c);$i<$n;$i++){
			$line = explode("\t", $orig_c[$i]);
			$orig[$line[0]] = trim($line[1]);
		}
		?>

		<table border="0" width="100%">
		<tr>
		<th style="width: 10%;"><?php echo ERROR?></th>
		<th style="width: 60%;"><?php echo FILENAME?></th>
		<th style="width: 30%;"><?php echo TYPE?></th>
		</tr>
		<?php
		
		$files = mosReadDirectory($mosConfig_absolute_path, '.', true, true);
		


		for($i=0,$n=count($files);$i<$n;$i++){
			$file = str_replace('\\', '/', $files[$i]);
			//$file . "<br/>";
			if($content = @file_get_contents($file)){ //check if file is file or directory
				if((!empty($orig[$file])) && (getFileHash($file) != $orig[$file])){ //when a hash exists
					echo '<tr><td style="width: 10%; color: orange; font-style: italic;">' . WARNING. '</td><td style="width: 70%;">' . str_replace($mosConfig_absolute_path, ".", $file)  . '</td><td style="width: 20%;">' . HASH_ERROR_CORRUPTED . '</td></tr>';
				}
				
				//check other things
				$type = explode('.', $file);
				if(!preg_match('#_VALID_MOS#', $content) && ($type[sizeof($type) - 1] == 'php')){
					//actually, we should do a few more checks.. a class or switch file is safe anyhow
					
					if(!preg_match('#<?php#', $content)){ //file does not contain php, ignore
						unset($orig[$file]);
						continue;
					}
					
					//check if file contains includes with variables in it
					if(
							!preg_match('#require(\s)?\((.*)?\$(.*)?\)#', $content) &&
							!preg_match('#require_once(\s)?\((.*)?\$(.*)?\)#', $content) &&
							!preg_match('#include(\s)?\((.*)?\$(.*)?\)#', $content) &&
							!preg_match('#include_once(\s)?\((.*)?\$(.*)?\)#', $content)
							){
						//if not, skip this one as well
						unset($orig[$file]);
						continue;
					}
					
					echo '<tr><td style="width: 10%; color: orange; font-style: italic;" >'. SECURITY .'</td><td style="width: 70%;" >' . str_replace($mosConfig_absolute_path, ".", $file) . '</td><td style="width: 20%;">' . HASH_ERROR_VALID_MOS . '</td></tr>';
				}
			}
			
			unset($orig[$file]);
		}
		?>
		</table>
		</td>
		</tr>
		<tr>
		<td style="font-weight: bold;">
		<?php 
		if(sizeof($orig) > 0){ 
			?>
			<br />
			
			<div class="heading"><?php echo HASH_MISS_FILES?></div>
			</td>
			</tr>
			<tr>
			<td>
			<table border="0" width="100%">
			<tr>
			<th style="width: 10%;"><?php echo ERROR?></th>
			<th style="width: 60%;"><?php echo FILENAME?></th>
			<th style="width: 30%;"><?php echo TYPE?></th>
			</tr>
			<?php
			$keys = array_keys($orig);
			for($i=0,$n=count($keys);$i<$n;$i++){
				$file = $keys[$i];
				echo '<tr><td style="width: 10%; color: red; font-weight: bold;" >'. MISSING .'</td><td style="width: 70%;">' . str_replace($mosConfig_absolute_path, ".", $file) . '</td><td style="width: 20%;">' . HASH_ERROR_FILE_IS_MISSING . '</td></tr>';
			}?>
			</table>
		<?php } ?>
		</table>
		<?php
		}
		else
		{
			echo "<br />\n";
			echo NEED_TO_CREATE_HASH_LIST;
			echo "</table>";
		}
	}
}
?>